diff --git a/config/v1alpha1/types.go b/config/v1alpha1/types.go
index a92805d..c693f30 100644
--- a/config/v1alpha1/types.go
+++ b/config/v1alpha1/types.go
@@ -471,6 +471,12 @@ type PersistentVolumeBinderControllerConfiguration struct {
 	PVClaimBinderSyncPeriod metav1.Duration
 	// volumeConfiguration holds configuration for volume related features.
 	VolumeConfiguration VolumeConfiguration
+	// VolumeHostCIDRDenylist is a list of CIDRs that should not be reachable by the
+	// controller from plugins.
+	VolumeHostCIDRDenylist []string
+	// VolumeHostAllowLocalLoopback indicates if local loopback hosts (127.0.0.1, etc)
+	// should be allowed from plugins.
+	VolumeHostAllowLocalLoopback *bool
 }
 
 // PodGCControllerConfiguration contains elements describing PodGCController.
diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go
index 5e7fc06..453675d 100644
--- a/config/v1alpha1/zz_generated.deepcopy.go
+++ b/config/v1alpha1/zz_generated.deepcopy.go
@@ -442,6 +442,16 @@ func (in *PersistentVolumeBinderControllerConfiguration) DeepCopyInto(out *Persi
 	*out = *in
 	out.PVClaimBinderSyncPeriod = in.PVClaimBinderSyncPeriod
 	in.VolumeConfiguration.DeepCopyInto(&out.VolumeConfiguration)
+	if in.VolumeHostCIDRDenylist != nil {
+		in, out := &in.VolumeHostCIDRDenylist, &out.VolumeHostCIDRDenylist
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.VolumeHostAllowLocalLoopback != nil {
+		in, out := &in.VolumeHostAllowLocalLoopback, &out.VolumeHostAllowLocalLoopback
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }